Rust Identified as Safer Coding Tool by NIST

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has added Rust to its list of “Safer Languages” as part of its Software Assurance Metrics and Tool Evaluation (SAMATE). Here’s why the Rust Foundation sees this news as significant to the wider software development ecosystem.

Rust Endorsed for Safer Coding by NIST

While the popularity and adoption of Rust have been growing for some time, wider awareness of its cybersecurity merits is coming into a more global focus. Memory-safe languages like Rust are emerging as critical assets not only for organizations trying to prevent data corruption and null pointer dereferences but also for the United States government as it becomes increasingly concerned with encouraging proper information security measures.

Case in point: this month, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) added Rust to its list of “Safer Languages.” Let’s take a look at what this news means and why it’s a noteworthy development for both Rust and cybersecurity.

A Primer on NIST

Founded in 1901, the National Institute of Standards and Technology (NIST) is one of the oldest physical science labs in the United States.

While NIST was originally established by Congress to help maintain a competitive economy through standardization and measurement, today the institute is housed under the Department of Commerce and is focused on a wide range of scientific and technological areas, including cybersecurity. Their efforts include advocating for tools, solutions, and frameworks that can help reduce the risk of security threats and code vulnerabilities.  

NIST’s “Safer Languages” List

One of NIST’s many initiatives is the Software Assurance Metrics And Tool Evaluation (SAMATE) project. This body is “dedicated to improving software assurance by developing methods to enable software tool evaluations, measuring the effectiveness of tools and techniques, and identifying gaps in tools and methods,” according to the NIST website.

The Safer Languages list falls under SAMATE’s “classes of software security assurance functions.” In short, NIST recommends the usage of programming languages with built-in security features that are actively monitored and supported by maintainers.

Rust as a Key Cybersecurity Asset

In March 2023, NIST added Rust to its list of Safer Languages on the grounds of its ownership model, which “guarantees both memory safety and thread safety, at compile-time, without requiring a garbage collector.” NIST points out that Rust “allows users to write high-performance code while eliminating many bug classes,” and while Rust does have an “unsafe” mode, the institute explains that risk is mitigated through the narrow scope of actions allowed. 

Shared Advocacy & Awareness Ahead

While the Rust community has long been aware of the language’s promotion of safer coding, the Rust Foundation is encouraged to see a large government body with global influence such as the U.S. Department of Commerce taking note of Rust’s cybersecurity merits. Rust is in a strong position to become even more key to performant and safe computer systems globally.    

As the steward of the Rust programming language and community, the Rust Foundation continues to see advocacy and awareness work as one of our key responsibilities. With NIST’s addition of Rust for safer coding, we hope to see other government agencies, consumer protection bodies, and organizations taking note of the importance of memory safety and recommending tools like Rust to secure the systems impacting our daily lives.